GLSA-201701-14 : LZO: Multiple vulnerabilities
Medium Nessus Plugin ID 96245
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201701-14 (LZO: Multiple vulnerabilities).
LZO is vulnerable to an integer overflow condition in the “lzo1x_decompress_safe” function which could result in a possible buffer overrun when processing maliciously crafted compressed input data.
A remote attacker could send specially crafted compressed input data possibly resulting in a Denial of Service condition or arbitrary code execution.
There is no known workaround at this time.
Solution
All LZO users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/lzo-2.08'